HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ppierald

no profile record

comments

ppierald
·2 năm trước·discuss
Respectively, yes. The ability to create venvs so fast, that it becomes a silent operation that the end user never thinks about anymore. The dependency management and installation is lightning quick. It deals with all of the python versioning

and I think a killer feature is the ability to inline dependencies in your Python source code, then use: uv tool run <scriptname>

Your script code would like:

#!/usr/bin/env -S uv run --script # /// script # requires-python = ">=3.12" # dependencies = [ # "...", # "..." # ] # ///

Then uv will make a new venv, install the dependencies, and execute the script faster than you think. The first run is a bit slower due to downloads and etc, but the second and subsequent runs are a bunch of internal symlink shuffling.

It is really interesting. You should at least take a look at a YT or something. I think you will be impressed.

Good luck!
ppierald
·2 năm trước·discuss
I like "Hi Team". I do use that in certain social circles, but I do get the point of the article.

Survivor, the US TV show, used to say "Come on in guys" until recently where they made a point to discuss the topic on camera with the contestants. There was a variety of opinions, but they ultimately settled on "Come on in." which conveys the point in a neutral tone.
ppierald
·2 năm trước·discuss
[flagged]
ppierald
·2 năm trước·discuss
I happened to get invited to friends of my in-laws who own a vacation property on the Oregon coast for the 2017 eclipse. Of course, the Pacific coast is dicey at best, so we were crossing our fingers. When the time came, the stars lined up and we had that magical moment, except right at that moment, the waste truck came through picking up the bins. If you have the opportunity, GO. The worst case is you don't see it. The best case is one of the most memorable experiences of your life.
ppierald
·3 năm trước·discuss
A few points.

PCI-DSS does not mandate the use of a WAF. It is one of two ways you can fulfill requirement 6.5 or 6.6. WAF + OWASP Top Ten ruleset is typically easier to get evidence for your auditor, but you can show that continuous scanning using a DAST scanning engine to meet requirements.

I would have a WAF installed with very few highly tuned rules against mostly SQLi. Why? Because the damage of letting that through and praying that the developer or web-app framework does it right are significant. The rules for SQLi are pretty easy to get right and dropping that traffic before it gets to your web server is a reasonable thing.

I would have a WAF installed with no rules too. It is nice to have something there where you can drop in a Log4J rule and get protection relatively quickly for attacks of that nature. There have been a number of these over the years and a small performance penalty seems worth the big picture safety net.

I am against the pricey models that the cloud vendors push. WAF can get expensive. They typically are bundled with other cloud services, but hey, if you've gotten that far, you are probably outsourcing most things to the cloud provider anyway.

I do not like WAF pragmatically because it lets the developer off the hook in many ways. There is something there doing their work for them and another reason for some developers to not understand or care about the security of their applications. Something else will do it for me whether I know this or not.